In an organization where there are frequent personnel changes, non-discretionary access control using Role Based Access Control (RBAC) is useful because:
A. people need not use discretion
B. the access controls are based on the individual's role or title within the organization.
C. the access controls are not based on...
Another type of access control is lattice-based access control. In this type of control a lattice model is applied. How is this type of access control concept applied?
A. The pair of elements is the subject and object, and the subject has an upper bound equal or higher than the...
Which of the following is often the greatest challenge of distributed computing solutions?
A. scalability
B. security
C. heterogeneity
D. usability
Answer: B
Explanation: The correct answer to this is "security". It is a major factor in deciding if a centralized or decentralized environment is more appropriate. Example: In a centralized...
Which of the following statements relating to the Bell-LaPadula security model is FALSE (assuming the Strong Star property is not being used)?
A. A subject is not allowed to read up.
B. The property restriction can be escaped by temporarily downgrading a high level subject.
C. A subject is...
Which of the following is not a responsibility of an information (data) owner?
A. Determine what level of classification the information requires.
B. Periodically review the classification assignments against business needs.
C. Delegate the responsibility of data protection to data custodians.
D. Running regular backups and periodically testing the validity...
What is the main focus of the Bell-LaPadula security model?
A. Accountability
B. Integrity
C. Confidentiality
D. Availability
Answer: C
Explanation: The Bell-LaPadula model is a formal model dealing with confidentiality. The Bell-LaPadula Model (abbreviated BLP) is a state machine model used for enforcing access control in government and military applications....
Which of the following statements pertaining to software testing approaches is correct?
A. A bottom-up approach allows interface errors to be detected earlier.
B. A top-down approach allows errors in critical modules to be detected earlier.
C. The test plan and results should be retained as part of the system's...
There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we compare them side by side, Kerberos tickets correspond most closely to which of the following?
A. public keys
B. private keys
C. public-key certificates
D. private-key certificates
Answer: C
Explanation: A Kerberos ticket is issued...
What can be defined as: It confirms that users’ needs have been met by the supplied solution?
A. Accreditation
B. Certification
C. Assurance
D. Acceptance
Answer: D
Explanation: Acceptance confirms that users’ needs have been met by the supplied solution. Verification and Validation informs Acceptance by establishing the evidence C...
Who developed one of the first mathematical models of a multilevel-security computer system?
A. Diffie and Hellman.
B. Clark and Wilson.
C. Bell and LaPadula.
D. Gasser and Lipner.
Answer: C
Explanation: In 1973 Bell and LaPadula created the first mathematical model of a multi-level security system. The following answers are...